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Reply to Office action of August 12, 2005 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

1. (Currently Amended) A method of reporting malware events comprising the steps 
of: 

detecting a malware event with one of a plurality of levels using a malware 
scanner, the malware event comprising at least one of: completion of a malware scan, a 
process failure relating to malware scanning, a missing log file, detection of malware, or 
failure of a response to malware ; 

determining a level of the detected malware event; 

comparing the level of the detected malware event to an event trigger threshold 
with one of a plurality of levels ; and 

transmitting a notification of the detected malware event, based on the 
comparison of the level of the detected malware event to the event trigger threshold; 

wherein the level of the malware event comprises one of: informational malware 
events requiring no operator intervention; warning malware events that indicate a process 
failure; minor malware events that require attention, but are not events that could lead to 
loss of data; major malware events that need operator attention; critical malware events 
that need immediate operator attention and could lead to loss of data if not corrected; 

wherein the level of the event trigger threshold comprises one of: informational 
malware events requiring no operator intervention; warning malware events that indicate 
a process failure; minor malware events that require attention, but are not events that 
could lead to loss of data; major malware events that need operator attention; critical 
malware events that need immediate operator attention and could lead to loss of data if 
not corrected; 

wherein the transmitting step comprises the steps of: transmitting the notification 
of the detected malware event in real-time, if the level of the detected malware event is 
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greater than or equal to the event trigger threshold; and transmitting the notification of the 
detected malware event eventually, if the level of the detected malware event is less than 
the event trigger threshold; 

wherein the event trigger threshold is configurable to control an amount of the 
notifications that are received in real-time . 

2.-15. (Cancelled) 

16. (Currently Amended) The method of claim 1[[5]], wherein the method further 
comprises the step of: 

transmitting an alert to an administrator indicating occurrence of the detected 
malware event in real-time, if the level of the detected malware event is greater than or 
equal to the event trigger threshold. 

17. (Currently Amended) A system for reporting malware events comprising: 
a processor operable to execute computer program instructions; 

a memory operable to store computer program instructions executable by the 
processor; and 

computer program instructions stored in the memory and executable to perform 
the steps of: 

detecting a malware event with one of a plurality of levels using a malware 
scanner, the malware event comprising at least one of: completion of a malware scan, a 
process failure relating to malware scanning, a missing log file, detection of malware, or 
failure of a response to malware ; 

determining a level of the detected malware event; 

comparing the level of the detected malware event to an event trigger threshold 
with one of a plurality of levels ; and 

transmitting a notification of the detected malware event, based on the 
comparison of the level of the detected malware event to the event trigger threshold; 

wherein the level of the malware event comprises one of: informational malware 
events requiring no operator intervention; warning malware events that indicate a process 
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failure; minor malware events that require attention, but are not events that could lead to 
loss of data; major malware events that need operator attention; critical malware events 
that need immediate operator attention and could lead to loss of data if not corrected; 

wherein the level of the event trigger threshold comprises one of: informational 
malware events requiring no operator intervention; warning malware events that indicate 
a process failure; minor malware events that require attention, but are not events that 
could lead to loss of data; major malware events that need operator attention; critical 
malware events that need immediate operator attention and could lead to loss of data if 
not corrected; 

wherein the transmitting step comprises the steps of: transmitting the notification 
of the detected malware event in real-time, if the level of the detected malware event is 
greater than or equal to the event trigger threshold; and transmitting the notification of the 
detected malware event eventually, if the level of the detected malware event is less than 
the event trigger threshold; 

wherein the event trigger threshold is configurable to control an amount of the 
notifications that are received in real-time . 

18. -31. (Cancelled) 

32. (Currently Amended) The system of claim [[3 1]] 17, further comprising the step 
of: 

transmitting an alert to an administrator indicating occurrence of the detected 
malware event in real-time, if the level of the detected malware event is greater than or 
equal to the event trigger threshold. 

33. (Currently Amended) A computer program product for reporting malware events, 
comprising: 

a computer readable medium; 

computer program instructions, recorded on the computer readable medium, 
executable by a processor, for performing the steps of 



Page 4 of 18 



Appl. No. 10/067,319 

Reply to Office action of August 12, 2005 

detecting a malware event with one of a plurality of levels using a malware 
scanner, the malware event comprising at least one of: completion of a malware scan, a 
process failure relating to malware scanning, a missing log file, detection of malware, or 
failure of a response to malware ; 

determining a level of the detected malware event; 

comparing the level of the detected malware event to an event trigger threshold 
with one of a plurality of levels ; and 

transmitting a notification of the detected malware event, based on the 
comparison of the level of the detected malware event to the event trigger threshold; 

wherein the level of the malware event comprises one of: informational malware 
events requiring no operator intervention; warning malware events that indicate a process 
failure; minor malware events that require attention, but are not events that could lead to 
loss of data; major malware events that need operator attention; critical malware events 
that need immediate operator attention and could lead to loss of data if not corrected; 

wherein the level of the event trigger threshold comprises one of: informational 
malware events requiring no operator intervention; warning malware events that indicate 
a process failure; minor malware events that require attention, but are not events that 
could lead to loss of data; major malware events that need operator attention; critical 
malware events that need immediate operator attention and could lead to loss of data if 
not corrected; 

wherein the transmitting step comprises the steps of: transmitting the notification 
of the detected malware event in real-time, if the level of the detected malware event is 
greater than or equal to the event trigger threshold; and transmitting the notification of the 
detected malware event eventually, if the level of the detected malware event is less than 
the event trigger threshold; 

wherein the event trigger threshold is configurable to control an amount of the 
notifications that are received in real-time . 

34.-47. (Cancelled) 
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48. (Currently Amended) The computer program product of claim [[47]]33, further 
comprising the step of: 

transmitting an alert to an administrator indicating occurrence of the detected 
malware event in real-time, if the level of the detected malware event is greater than or 
equal to the event trigger threshold. 

49. (New) The method of claim 1, wherein the event trigger threshold is set at a 
management server in a malware management program. 

50. (New) The method of claim 49, wherein the event trigger threshold is set by 
setting policies in the malware management program. 

51 . (New) The method of claim 1 , wherein the event trigger threshold is distributed to 
a plurality of malware agents residing in a plurality of user systems. 

52. (New) The method of claim 1, wherein if the level of the detected malware event 
is less than the event trigger threshold, the notification of the event is not transmitted until 
an eventual periodic event transmission. 

53. (New) The method of claim 1, wherein if the level of the detected malware event 
is less than the event trigger threshold, the notification of the event is not transmitted until 
a request by a management server is received. 

54. (New) The method of claim 1, wherein the level of the event trigger threshold is 
selected from a ranked set of levels including, from least critical to most critical with 
progressively greater levels, as follows: 

(1) the informational malware events requiring no operator intervention; 

(2) the warning malware events that indicate a process failure; 

(3) the minor malware events that require attention, but are not events that could lead 
to loss of data; 

(4) the major malware events that need operator attention; and 
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(5) the critical malware events that need immediate operator attention and could lead to 
loss of data if not corrected. 

55. (New) The method of claim 54, wherein the completion of the malware scan 
corresponds to one of the informational malware events requiring no operator 
intervention. 

56. (New) The method of claim 54, wherein the process failure relating to the 
malware scanning corresponds to one of the warning malware events that indicate a 
process failure. 

57. (New) The method of claim 54, wherein the missing log file corresponds to one of 
the minor malware events that require attention, but are not events that could lead to loss 
of data. 

58. (New) The method of claim 54, wherein the detection of the malware corresponds 
to one of the major malware events that need operator attention. 

59. (New) The method of claim 54, wherein the failure of the response to the malware 
corresponds to one of the critical malware events that need immediate operator attention 
and could lead to loss of data if not corrected. 

60. (New) The system of claim 17, wherein the event trigger threshold is set at a 
management server in a malware management program. 

61. (New) The system of claim 60, wherein the event trigger threshold is set by 
setting policies in the malware management program. 

62. (New) The system of claim 17, wherein the event trigger threshold is distributed 
to a plurality of malware agents residing in a plurality of user systems. 
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63. (New) The system of claim 17, wherein if the level of the detected malware event 
is less than the event trigger threshold, the notification of the event is not transmitted until 
an eventual periodic event transmission. 

64. (New) The system of claim 17, wherein if the level of the detected malware event 
is less than the event trigger threshold, the notification of the event is not transmitted until 
a request by a management server is received. 

65. (New) The system of claim 17, wherein the level of the event trigger threshold is 
selected from a ranked set of levels including, from least critical to most critical with 
progressively greater levels, as follows: 

(1) the informational malware events requiring no operator intervention; 

(2) the warning malware events that indicate a process failure; 

(3) the minor malware events that require attention, but are not events that could lead 
to loss of data; 

(4) the major malware events that need operator attention; and 

(5) the critical malware events that need immediate operator attention and could lead to 
loss of data if not corrected. 

66. (New) The system of claim 65, wherein the completion of the malware scan 
corresponds to one of the informational malware events requiring no operator 
intervention. 

67. (New) The system of claim 65, wherein the process failure relating to the malware 
scanning corresponds to one of the warning malware events that indicate a process 
failure. 

68. (New) The system of claim 65, wherein the missing log file corresponds to one of 
the minor malware events that require attention, but are not events that could lead to loss 
of data. 
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69. (New) The system of claim 65, wherein the detection of the malware corresponds 
to one of the major malware events that need operator attention. 

70. (New) The system of claim 65, wherein the failure of the response to the malware 
corresponds to one of the critical malware events that need immediate operator attention 
and could lead to loss of data if not corrected. 

71. (New) The computer program product of claim 33, wherein the event trigger 
threshold is set at a management server in a malware management program. 

72. (New) The computer program product of claim 71, wherein the event trigger 
threshold is set by setting policies in the malware management program. 

73. (New) The computer program product of claim 33, wherein the event trigger 
threshold is distributed to a plurality of malware agents residing in a plurality of user 
systems. 

74. (New) The computer program product of claim 33, wherein if the level of the 
detected malware event is less than the event trigger threshold, the notification of the 
event is not transmitted until an eventual periodic event transmission. 

75. (New) The computer program product of claim 33, wherein if the level of the 
detected malware event is less than the event trigger threshold, the notification of the 
event is not transmitted until a request by a management server is received. 

76. (New) The computer program product of claim 33, wherein the level of the event 
trigger threshold is selected from a ranked set of levels including, from least critical to 
most critical with progressively greater levels, as follows: 

(1) the informational malware events requiring no operator intervention; 

(2) the warning malware events that indicate a process failure; 
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(3) the minor malware events that require attention, but are not events that could lead 
to loss of data; 

(4) the major malware events that need operator attention; and 

(5) the critical malware events that need immediate operator attention and could lead to 
loss of data if not corrected. 

77. (New) The computer program product of claim 76, wherein the completion of the 
malware scan corresponds to one of the informational malware events requiring no 
operator intervention. 

78. (New) The computer program product of claim 76, wherein the process failure 
relating to the malware scanning corresponds to one of the warning malware events that 
indicate a process failure. 

79. (New) The computer program product of claim 76, wherein the missing log file 
corresponds to one of the minor malware events that require attention, but are not events 
that could lead to loss of data. 

80. (New) The computer program product of claim 76, wherein the detection of the 
malware corresponds to one of the major malware events that need operator attention. 

81. (New) The computer program product of claim 76, wherein the failure of the 
response to the malware corresponds to one of the critical malware events that need 
immediate operator attention and could lead to loss of data if not corrected. 
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